Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0452

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2004-0452
Last Modified 23 Oct 2013 09:34:35
Published 21 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2004-0452

Summary

Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.

Vulnerable Systems

Application

  • Larry Wall Perl 5.6.1

  • Larry Wall Perl 5.8.4


References

REDHAT - RHSA-2005:103

GENTOO - GLSA-200501-38

DEBIAN - DSA-620

BUGTRAQ - 20050111 [OpenPKG-SA-2005.001] OpenPKG Security Advisory (perl)

XF - perl-filepathrmtree-insecure-permissions(18650)

UBUNTU - USN-44-1

BID - 12072

REDHAT - RHSA-2005:105

SECUNIA - 18517

SECUNIA - 12991

FEDORA - FLSA-2006:152845

SGI - 20060101-01-U

SECUNIA - 55314


Last Updated: 27 May 2016 11:03:13